Check payment status (via Api Key)

This endpoint checks whether a project (or a specific domain under the project) has been marked as paid.

It can also optionally return paid-only injectables when payment is confirmed.

Endpoint

GET /api/v1/project/{project}/has-paid

Authentication

This endpoint uses your API Key.

Required header

X-API-KEY: <your_api_key>

Optional headers

Some checks are domain-aware, so DevPayr may need to know the domain making the request.

Header	Required	Description
X-Devpayr-Domain	Sometimes	Recommended. Used to check payment status for the calling domain under the project.
Accept	No	application/json

✅ Best practice: always send X-Devpayr-Domain if you want domain-specific checks.

Example:

X-Devpayr-Domain: yourapp.com

Path Parameters

Parameter	Type	Required	Description
project	integer	Yes	The project ID.

Query Parameters

Parameter	Type	Required	Description
action	string	No	Set to check_project to force a project-level check (ignores domain).
include	string	No	Set to injectables to include paid-only injectables when has_paid=true.

Examples:

• /api/v1/project/42/has-paid?action=check_project

• /api/v1/project/42/has-paid?include=injectables

• /api/v1/project/42/has-paid?action=check_project&include=injectables

What this endpoint checks

DevPayr decides has_paid using one of these flows:

1. Project-level (forced)

• If action=check_project, it checks the project’s paid state.

1. Domain-level (if applicable)

• Otherwise, DevPayr attempts to evaluate paid status for a specific domain under the project.

• To do this, DevPayr needs the request domain — send X-Devpayr-Domain.

If the domain cannot be determined, it returns 400. If the domain is not registered under the project, it returns 403.

Request Example (cURL)

Check payment status (domain-aware)

curl -X GET "https://api.devpayr.com/api/v1/project/42/has-paid" \
  -H "X-API-KEY: YOUR_API_KEY" \
  -H "X-Devpayr-Domain: yourapp.com" \
  -H "Accept: application/json"

Force project-level check (ignore domain)

Include paid-only injectables (only returned if paid)

Not Paid

{
  "status": "success",
  "message": "Success",
  "data": {
    "has_paid": false
  },
  "errors": null
}

Paid, Injectables Not Requested

Paid + Injectables Requested

Response Fields Explained

Top-level response keys

Key	Type	Description
status	string	success or error
message	string	Human-readable message
data	object | null	Payload
errors	object | null	Error details (if any)

data keys

Key	Type	Description
has_paid	boolean	Whether payment is confirmed for the evaluated target
injectables	array	Present only when include=injectables and has_paid=true

injectables[] object keys

Key	Type	Description
id	integer	Injectable ID
slug	string	Identifier slug
title	string | null	Display title
type	string	Injectable type
mode	string	Injectable mode
target_path	string | null	Where it should apply
content	string	Encrypted content
file_path	string | null	Encrypted file path (only for file-type injectables)
is_active	boolean	Whether injectable is active
only_if_paid	boolean	Whether injectable is paid-only
meta	object	Optional metadata

Error Responses

401 — Missing API key

{
  "status": "error",
  "message": "Missing required X-API-KEY header.",
  "data": null,
  "errors": null
}

403 — API key not allowed for this project

{
  "status": "error",
  "message": "This API key does not have access to this project.",
  "data": null,
  "errors": null
}

400 — Domain could not be determined (domain-aware check)

{
  "status": "error",
  "message": "Unable to determine request domain. Please send X-Devpayr-Domain header.",
  "data": null,
  "errors": null
}

403 — Domain not registered under the project

{
  "status": "error",
  "message": "This domain is not registered under the project.",
  "data": null,
  "errors": null
}